GDPR commitment
brightgate-moss is committed to protecting personal data and supporting clients in meeting their obligations under the UK GDPR.
Lawful basis for processing
We process personal data to deliver contracted advisory services and respond to enquiries. Our lawful bases are legitimate interest and contractual necessity.
Used for responding to enquiries and service improvement.
Used for delivering agreed advisory services.
Data handling approach
We request only the information needed to deliver each engagement.
Data is stored in secure systems with access controls and encryption.
Clients receive clear statements of how data is used in each project.
Data subject rights
Individuals may request access, correction, or deletion of personal information. We respond within 30 days and provide clear guidance on next steps.
Working with clients
When we handle personal data on behalf of clients, we act as a processor and follow data processing agreements agreed during onboarding.
Tailored to each engagement and reviewed annually.
We keep sub-processors to a minimum and provide a list on request.